Submissions / Privacy Notice

Please note that we do not accept unsolicited submissions – only producer or personal recommendations. Any unsolicited material sent will be deleted unread. You agree that at no time will you be entitled to make any claim against NT Management or its employees should another programme or film be made which bears a coincidental resemblance to your own work. This applies whether a submitting party has read this disclaimer or not.



1.1          This privacy notice (Privacy Notice) sets out the ways in which we, Nick Turner Management Ltd (we, us, our), collect and use your personal data (your personal information) in connection with our business and use of our website, how we collect and use personal data about you prior to you being a client of the agency, during the agent client relationship and once the relationship has ended. It also explains what rights you have to access or change your personal data.

1.2          Our website is not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 13. If you are under the age of 13, please do not access our website at any time or in any manner. We will take appropriate steps to delete the personal information of persons under the age of 13.


We are a company registered in England under company number 10109222. Nick Turner Management Ltd is a “data controller”. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the General Data Protection Regulation 2016 (the “GDPR”) to notify you of the information contained in this Privacy Notice.

2.1          You can contact us as follows:

FAO:                       Nick Turner

Email Address:


3.1          Information that you provide to us.

We will collect any information that you provide to us when you:

a)          make an enquiry over the phone, by email or on our website;

b)          submit screenplays or showreels or other content to us by post or email;

c)          enter into a contract with us to represent you;

d)          submit an application to a job vacancy;

e)          ‘follow’, ‘like’, post to or interact with our social media accounts, including LinkedIn, Twitter and Google+;

The information you provide to us will include (depending on the circumstances):

Identity and contact data: title, names, addresses, email addresses and phone numbers;

Employment and background data: If you are submitting a screenplay or showreel for review or submission for representation, or a job application, you may also provide additional information about your academic and work history, filmography, credits, qualifications, skills, project details and training that you are involved in, references, your nationality and/or citizenship status, proof of your entitlement to work in the UK, your national insurance number, your passport or other identity document details, your current level of remuneration (including benefits), and any other such similar information that you may provide to us; and

Financial details: If you are a client, we will want to remit to you the money we collect on your behalf pursuant to our representation of you, so we will ask you for your bank details, tax status information, VAT number, any interest in and connection with any intermediary through which your services are supplied and royalty payments, and details of your accountant if you wish us to send them information as well.  If you are an ex-client and we are still receiving money on your behalf, we will retain these details so that we can continue to process payments for you.

3.2          Information we collect about you:

Information contained in correspondence: We will collect any information contained in any correspondence between us. For example, if you contact us using a query button on our website or by email or telephone, we may keep a record of that correspondence;

Website usage data: We may collect information about your interactions with the website, including information such as login data, IP address, page views, searches, requests, orders, pre-approvals, confirmations, agreements between you and other website users and other actions on the website

Technical data: We may also collect certain information about how you use our website and the device that you use to access our website, even where you have not created an account or logged in. This might include your geographical location, device information (such as your hardware model, mobile network information, unique device identifiers), the data transmitted by your browser (such as your IP address, date and type of the request, content of the request regarding the specific site, time zone settings, access status/HTTP status code, volume of data transmitted, browser type and version, language settings, time zone settings referral source, length of visit to the website, date and time of the request, operating system and interface) number of page views, the search queries you make on the website and similar information. This information may be collected by a third-party website analytics service provider on our behalf and/or may be collected using cookies or similar technologies. For more information on cookies please read the COOKIES section below.

Performance of agency client agreement: Details of contractual negotiations conducted on your behalf with third parties, commercial tie-up rights, merchandising, advertising, intellectual property rights and other information relating to exploitation of your rights. Details of the projects/engagements you are or have been involved in, disputes, disciplinary and grievance information relating to projects/employment/work you are or have been involved in with third parties, health information including mental health, details of your assets and beneficiaries, such as information contained in your will or where you have transferred your beneficial interest in your work or other rights to other individuals and/or companies, Your marital status, family, lifestyle or social circumstances and other affairs, if relevant to the agency client relationship (for example where we liaise with third parties on your behalf in respect of your reputation or reliability), information about criminal convictions or offences.

Special Categories: Some of the personal data above may also fall within “special categories” of more sensitive personal data such as:

-Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.

-Trade union membership.

-Information about your health, including any medical condition, health and sickness records

Some of the personal data above may also fall within personal data relating to criminal convictions and offences.

3.3          Information we receive from third parties

3.3.1            In certain circumstances, we will receive information about you from third parties. For example:

Employers, recruitment agencies and referees: if you are a job applicant we may contact your recruiter, current and former employers and/or referees, who may be based inside or outside the EU, to provide information about you and your application;

Third parties who can verify submitted information: if you submit a screenplay or showreel to us for our review, we may use third party providers to verify the information that you provide to us in connection with that submission. For example, we will use third-party databases or websites such as IMDB or Wikipedia to confirm your broadcast work;

Website security: we will collect information from our website security service partners who are based inside OR outside the EU, about any misuse to the website, for instance, the introduction of viruses, Trojans, worms, logic bombs, website attacks or any other material or action that is malicious or harmful; and

Third parties such as co-agents:  if one of our co-agents such as a US agent or book agent puts us in touch with each other with a view to working together, they may send us information such as your writing background and contact details.  You will normally be consulted by that agent before they send us contact details.

3.3.2            We might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.

    4.1          We will use your information for the purposes listed below either on the basis of:
  • performance of your contract with us and the provision of our services to you;
  • your consent (where we request it);
  • where we need to comply with a legal or regulatory obligation; or
  • our legitimate interests or those of a third party (see paragraph 4.3 below).

4.2          We use your information for the following purposes:

To provide access to our website: to provide you with access to our website in a manner convenient and optimal and with personalised content relevant to you including sharing your information with our website hosts (Siteground) and developers (WordPress, Corin Hartley) (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner);

To conduct business with you: to make a decision about whether to represent you as a client, to contact you and manage and facilitate our business relationship with you, including the administration of your contract (on the basis of performing our contract with you); To represent you; To find and put you forward for new projects and engagements; To create a company CV and profile on our website to enable us to assess your suitability for new roles and projects and so that we can easily forward your profile onto third parties such as producers, financiers and broadcasters and to find and put you forward for new roles and projects; Negotiating the terms of your engagement on new projects with third parties including (but not limited to):

  • The scope of your services
  • Fees, payments and royalties
  • Work benefits and expenses
  • Working hours, dates of the engagement, place of work and your work environment
  • Restrictive covenants
  • Disputes
  • Publicity

Managing your affairs and servicing contracts; To negotiate your intellectual property rights, licence fees and royalty payments; To collect and receive payments on your behalf, to undertake invoicing, to collect and pay VAT and to deduct our commissions; Making arrangements for the termination of any agency client relationship (on the basis of performing our contract with you).

Relationship management: to manage our relationship with you, which will including notifying you about changes to our terms of use or privacy policy (on the basis of performing our contract with you, to comply with our legal obligations and on the basis of our legitimate interests to keep our records updated and study how our website and services are used);

User and client support: to deal with enquiries or complaints about the website  and share your information with our website developer and/or IT support provider as necessary to provide support (on the basis of our legitimate interest in providing the correct services to our website users and to comply with our legal obligations);

Recruitment: to process any job applications you submit to us, whether directly or via an agent or recruiter including sharing this with our third party recruitment agency (on the basis of our legitimate interest to recruit new employees or contractors);

Social media interactions: to interact with users on social media platforms including LinkedIn, Twitter and Google+, for example, responding to comments and messages, posting, ‘retweeting’ and ‘liking’ posts (on the basis of our legitimate interest in promoting our brand and clients, and communicating with interested individuals);

Research: to carry out aggregated and anonymised research about general engagement with our website (on the basis of our legitimate interest in providing the right kinds of services to our website users);

Fraud and unlawful activity detection: to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including identity fraud (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so);

Compliance with policies, procedures and laws: to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).

4.3          As outlined above, in certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties. Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in:

4.3.1            personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you;

4.3.2            detecting and preventing fraud and operating a safe and lawful business;

4.3.3            improving security and optimisation of our network, sites and services;

4.3.4            business management and planning;

4.3.5            dealing with legal disputes involving you and/or our employees;

4.3.6            equal opportunities monitoring;

4.3.7            updating client records;

4.3.8            monitoring and keeping records of our communications with you and our staff.

Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of “Your Rights” in paragraph 10 below.

4.4          As outlined above, in certain circumstances we may use your personal information to comply with our legal or regulatory obligations, such as: accounting and auditing of our business, and to comply with any obligations under employment law and/or under the Employment Agency Standards.


5.1          In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we will share your personal information when relevant with third parties such as:

Our service providers: third parties we work with to deliver our business (including, for example, hosting or operating the website and our databases and site analytics)(i.e. WordPress, Siteground, Agentfile); To enable us to assess your suitability for new roles and projects and so that we can easily forward your profile onto third parties such as producers, financiers and broadcasters we will create a profile on our website.

Production companies, licensees, assignees, sub-agents and broadcasters: if you are a writer or director, any production companies or other licensees or assignees of your work (or prospective production companies and assignees and licensees) as well as sub- or co-agents and broadcasters, where applicable. A situation where we will often provide your personal data to third parties is where it is necessary for the performance of the agency client agreement with you such as where we put you forward for new projects or where certain categories of your personal data are required by a third party in respect of a project you have been engaged on.

Prospective sellers and buyers of our business: any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets; and

Other third parties (including professional advisers): any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law. We may also share your personal data with third parties where required by law or where we have another legitimate interest in doing so.

5.2          We require such third parties to respect the security of your data and to treat it in accordance with data protection legislation.


Special categories of particularly sensitive personal data and personal data relating to criminal convictions and offences require higher levels of protection. We need to have a further legal ground for collecting, storing and using this type of personal data. We may process special categories of personal data in the following circumstances:

a)          With your explicit consent

  • To collect, hold and disclose data concerning your health to third parties e.g. where disclosure of your health records or a medical examination is a condition of your engagement on a project.
  • To hold and disclose any criminal records information relating to you (including alleged offences) e.g. where disclosure of such information to a third party is a condition of your engagement on a project.
  • To create a company CV and profile on our website to enable us to assess your suitability for new roles and projects and so that we can easily forward your profile onto third parties such as producers and to find and put you forward for new roles and projects.

b)          Processing is necessary to protect your vital interests or those of another natural person

  • To collect, hold and disclose data concerning your health to third parties e.g. where disclosure of your health records is necessary for a medical emergency.

c)          The personal data we wish to process has manifestly been made public by you

d)          Processing is necessary for the establishment, exercise or defence of legal claims or whenever Courts are acting in their judicial capacity

e)          Processing is necessary for reasons of substantial public interest


7.1          We use cookies to ensure that you get the most out of our website. Cookies are small amounts of information in the form of text files which we store on the device you use to access our website. Cookies allow us to monitor your use of the software and simplify your use of the website.
7.2          If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit Please note that, if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of the website.
7.3          The names of the cookies used on our website and the purposes for which these cookies are used are set out in the table below:

Cookie Name Purpose Duration
[currently no cookies]

7.4          Our website may contain content and links to other sites that are operated by third parties that may also operate cookies. We don’t control these third party sites or cookies and this Privacy Notice does not apply to them. Please consult the terms and conditions and Privacy Notice of the relevant third party site to find out how that site collects and uses your information and to establish whether and for what purpose they use cookies.


8.1          We operate a policy of “privacy by design” by looking for opportunities to minimise the amount of personal information we hold about you. We use appropriate technological and operational security measures (AVG) to protect your information against any unauthorised access or unlawful use, such as:

  • ensuring the physical security of our offices or other sites;
  • ensuring the physical and digital security of our equipment and devices by using appropriate password protection; communication via an ecrypted email address is available on request;
  • we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

8.2          We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do.


9.1          We are based in the UK, but sometimes we may need to transfer your personal data outside the EU. A common example is where we need to provide your personal data to a company or organisation outside the EU as a requisite to you providing your services to that company or organisation.

9.2          We will seek and secure your explicit consent for transferring your personal data outside the EU in circumstances where (a) the transfer is not necessary for the client agency agreement (b) the EU Commission has not made an adequacy decision in respect of the country in which the recipient of the personal data is based (c) the transfer of the personal data is not subject to appropriate safeguards as set out in Article 46 of the GDPR (d) there are no binding corporate rules in place (e) no other derogation is applicable.


10.1          You have certain rights in respect of the information that we hold about you, including:

  • the right to be informed of the ways in which we use your information, as we seek to do in this Privacy Policy;
  • the right to ask us not to process your personal data for marketing purposes;
  • the right to request access to the information that we hold about you;
  • in certain circumstances, the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format
  • the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;
  • the right to withdraw your consent for our use of your information in reliance of your consent (refer to paragraph 4 to see when we are relying on your consent), which you can do by contacting us using any of the details at the top of this Privacy Notice;
  • the right to object to our using your information on the basis of our legitimate interests (refer to paragraph 4 above to see when we are relying on our legitimate interests) (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;
  • in certain circumstances, the right to ask us to limit or stop processing information about you, or erase information we hold about you; and
  • the right to lodge a complaint about us to the UK Information Commissioner’s Office (, as well as with the relevant authority in your country of work or residence.

10.2          Please note that we may need to retain certain information for our own record-keeping and research purposes. We may also need to send you service-related communications relating to your website user account even when you have requested not to receive marketing communications.

How to exercise your rights

10.3          If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact Nick Turner in writing.

10.4          You may contact us via the details at the top of this Privacy Notice if you wish to action any of these additional rights and we will comply with your requests unless we have a lawful reason not to do so.

What we need from you to process your requests

10.5          We may need to request specific information from you to help us confirm your identity and to enable you to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

10.6          You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Change of purpose

10.7          We will only use your personal data for those situations listed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

10.8          Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law.

What if you don’t want to share your personal data with us?

10.9          If you fail to provide certain information when requested, we may not be able to perform the agency client agreement we have entered into with you or we may be prevented from complying with our legal obligations to you (such as paying you or putting you forward for new projects).


11.1          The website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.


12.1          We may make changes to this Privacy Notice from time to time. We will post any changes to our site, or notify you of any material changes by e-mail.

12.2          It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by updating your profile account information or contacting us via the contact details at the top of this Privacy Notice.

This Privacy Notice was updated on 02 September 2021.


Appendix – Glossary of Commonly Used Data Protection Terms

Article 29 Working Party a European advisory body made up of a representative from the data protection authority of each EU Member State, the European Data Protection Supervisory and the European Commission. It provides guidelines on the GDPR and data protection matters.
Anonymisation where Personal Data is processed in such a way that the data can no longer be attributed to a specific Data Subject. When done properly, anonymisation places data outside the scope of the GDPR.
Automated Decision Making these are decisions which are made following Processing of Personal Data solely by automatic means, (i.e. where no humans are involved in the decision-making process). An example would an individual applying for a personal loan online, then being given a yes/no decision based solely on an automated credit search algorithm.
Consent defined in the GDPR as “any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she by statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her”. Silent, implicit indications of consent, such as leaving pre-ticked web form boxes ticked, will not be sufficient for Consent under the GDPR. Note that “informed” Consent requires that the Data Subject has received all the information about the Processing, in a format intelligible to them so they can make an informed decision about their rights (this is a particular challenge for children’s consent). Some Processing requires the Data Subject’s “explicit Consent”.
Data Subject means a living person who is the subject of Personal Data. In your business, Data Subjects will likely include your employees, writers, directors, suppliers, website users etc.
Data Subject Rights the rights that Data Subjects have under the GDPR including the rights in certain circumstances to access information Data Controllers have about them, stop or restrict Processing about them, to withdraw Consent and complain to a Supervisory Authority.
Data Controller the living person or legal entity which, alone or jointly with others, determines the purposes for which and means of Processing of Personal Data. For example, your business is a Data Controller in respect of the Personal Data it Processes about its employees, writers, directors, suppliers etc (note that the individual employees of the business are not separate Data Controllers).
Data Processor the living person or legal entity which processes Personal Data on behalf of a data controller. You might use Data Processors in your business to host your website, send email marketing on your behalf etc.
Data Protection Bill the version of the UK’s Data Protection Bill first read before Parliament on 13 September 2017, which is set to replace the Data Protection Act 1998, and which is set to implement parts of the GDPR specific to the UK;
DPA (Data Protection Act) the Data Protection Act 1998, the UK’s existing data protection law;
DPIA (Data Protection Impact Assessment) known under the existing data protection laws as a “privacy impact assessment” this tool can help you determine if your Processing will affect the rights of any Data Subjects (and how to mitigate that risk). It is a required process in some instances under the GDPR.
DPO (Data Protection Officer) under the GDPR companies must appoint a DPO in certain circumstances (such as when they are Processing on a large scale or undertaking regular or systematic monitoring).
EEA European Economic Area. This is the region to which the GDPR primarily applies. Sending or making Personal Data accessible outside of the EEA requires special considerations (see Transfer below).
EU-US Privacy Shield the framework for transatlantic exchanges of Personal Data for commercial purposes between the European Union and the United States under which US companies can certify compliance.
GDPR the General Data Protection Regulation (EU) 2016/679. There is an online, searchable version of the GDPR text here:
ICO the UK’s data protection regulator, the Information Commissioner’s Office. The ICO has GDPR guidance and resources here;
Lawful Grounds Processing may take place only when there is a lawful reason to do so. Commonly referred to as the “six lawful grounds” these are specified in the GDPR as: (i) when the Data Subject has given their Consent for one or more specified purposes; or when the Processing is necessary (ii) for performance of or entering into a contract with or at the request of the Data Subject; (iii) for the Data Controller to comply with a legal obligation; (iv) to protect the vital interests (generally a life-or-death situation) of the Data Subject or another person; (v) for performance of a task in the public interest; (vi) for the purposes of Legitimate Interests (see below). It is important to remember that each Lawful Ground is equally valid. Data Controllers must identify the appropriate Lawful Ground for their Processing and specify these in the Privacy Notice.
Legitimate Interests one of the Lawful Grounds for data Processing under the GDPR. Legitimate Interests refers to your interests in conducting and managing your business and your relationship with Data Subjects but it can only apply if you have made an assessment and determined that the rights and freedoms of Data Subjects are not overridden. It can be a tricky concept to apply but it is helpful to consider the nature of your relationship with the Data Subject and whether the kind of Processing you envisage would be within their reasonable expectations.
Model Contract Clauses the standard contractual clauses approved by the European Commission as guaranteeing appropriate safeguards under European data protection laws for Personal Data transferred to entities based outside of the EEA.
Personal Data any information relating to an identified or identifiable natural person who can be identified, directly, or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; there is no exhaustive list of what constitutes Personal Data so it is important to remember that this broad definition may include digital identifiers (such as social media handles) as well as correspondence about (including opinions of) individuals.
Personal Data Breach a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data.
Phishing the attempt to obtain confidential or sensitive information such as usernames and passwords, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. Phishing is an increasingly common cause of Personal Data Breaches.
Portability the right for an individual to require a Data Controller to give them back a copy of the Personal Data they previously provided or send this data to another organisation so that they can reuse it. The Personal Data has to be provided in a commonly used, machine-readable format and only when the Personal Data has been provided by the Data Subject with their Consent or as part of a contract. This is commonly used in the banking and utilities sectors when individuals switch providers.
Privacy Notice a common way for Data Controllers to inform Data Subjects about how, when, where and why their Personal Data is being Processed. This is commonly hosted on businesses’ websites.
Profiling any form of automated processing of Personal Data intended to evaluate certain personal aspects of an individual. These aspects can include analysing/predicting someone’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement. You may be using Profiling in your business to serve marketing and advertising messages. If so, ensure that you describe this Profiling in your Privacy Notice.
Process(ing) obtaining, recording or holding Personal Data or carrying out any operation or set of operations in relation to it and includes the organisation, retrieval, use of the Personal Data, disclosure, erasure or destruction of the Personal Data. This is a very broad definition and it is important to remember that simply storing Personal Data in any accessible/ordered/structured way will be a form of Processing.
Pseudonymisation similar to anonymisation, but reversible. This is where Personal Data is processed in such a way that the data can no longer be attributed to a specific Data Subject without the use of ‘additional information’. The additional information must be kept separately and be subject to certain measures which ensure that it isn’t unduly used to reverse the process. Pseudonymisation is a way to minimise the risk of a Personal Data Breach.
Special Categories of Data /Sensitive Personal Data Personal Data revealing racial or ethnic origin, political opinions, revealing religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying a natural person, or concerning health, concerning sexual orientation. Special standards apply to the Processing of Special Categories of Data including: you may only Process this when you have the Data Subject’s explicit Consent or it is necessary for employment obligations or where the vital interests of the Data Subject or others are at risk (and the Data Subject cannot give Consent).
Supervisory Authority a supervisory authority of a European Member State responsible for monitoring the application of data protection laws, which for the UK is the ICO.
Transfer a transfer of Personal Data will occur when Personal Data is sent,  shared, stored, accessed or otherwise used by a third party (whether an individual or a company) in another country or jurisdiction. There are no restrictions of transfers of personal data within the EEA; however safeguards (or “transfer solutions”) must be put in place where Personal Data is transferred outside of the EEA to ensure a level of protection for that Personal Data equivalent to the GDPR. Safeguards that may be applicable include the EU-US Privacy Shield and the Model Contract Clauses.